The number of successful cyberattacks per year per company has increased by 46% over the last four years. But what really needs to be considered when exploring a solution? What questions need to be asked? Download to find out...

XSS security attack found in eBay iPhone auction

eBay iPhone lure is a ticket to theft

UNSCRUPULOUS SCAMMERS are exploiting eBay and the Apple iPhone as part of a security attack.

An eBay user blew the whistle on the auction issue. While looking for an iPhone he came across an auction with a link that took him to a page outside eBay that looked a lot like eBay and asked for his eBay login credentials. He did not like the look of it.

"eBay clearly dropped the ball by allowing the malicious script to find its way into auction entries," he said. "It's the kind of code which should be stripped out of its pages, so there's no possibility of any harm being done."

Cluley said that eBay was suffering from a cross-site scripting flaw (XSS) that let the bad guys insert their third-party webpage redirect script and get away with it.

If there is a lesson here, it might be to not buy second-hand items on eBay, it might be to not buy anything on eBay or it might be to not expect websites to catch malicious script on their webpages.

We asked eBay, which has been the target of a lot of rather angry complaints in recent weeks, if it would like to comment. "The eBay corporate network has not been compromised. This appears to be a case of abuse by a user who placed malicious links within a few product listings on eBay.co.uk," said an eBay spokesperson.

"We take the safety of our marketplace very seriously and remove listings that are in violation of our policy on third-party links."